Open
Conversation
A recent commit changed the `update-changelog` workflow so that instead of checking out the release PR branch directly, it checks out the base branch and then overlays files from the release PR that are necessary to run `auto-changelog validate`. Currently, only changelogs are copied from the release PR. However, to determine which dependency bump changelog entries are missing, the `auto-changelog validate` command needs not only changelogs but also package manifests. This commit fixes the `update-changelog` workflow accordingly.
mcmire
commented
May 7, 2026
| git commit -m "chore: Update dependency bump changelog entries" | ||
|
|
||
| new_commit_id="$(git log -1 --pretty='format:%h')" | ||
| new_commit_id="$(git log -1 --pretty='format:%H')" |
Contributor
Author
There was a problem hiding this comment.
As the PR description mentions, this workflow is somewhat sophisticated in that it checks out the base branch of the release PR, copies changelogs from the release PR, updates changelogs via yarn changelog:validate, then cherry-picks the changelogs back to the release PR. This line grabs the commit we need to cherry-pick. %h is the short commit ID, %H is the full commit ID. I wanted to make sure this wasn't a problem while I was at it.
mcmire
commented
May 7, 2026
| git fetch --no-tags origin "$PR_HEAD_SHA" | ||
| git fetch --no-tags origin "$PR_HEAD_REF" | ||
| git checkout "$PR_HEAD_SHA" -- '**/CHANGELOG.md' | ||
| git checkout "$PR_HEAD_SHA" -- '**/CHANGELOG.md' '**/package.json' |
Contributor
Author
There was a problem hiding this comment.
I tested this flow locally using https://github.com/MetaMask/core/actions/runs/25519305257/job/74898870596?pr=8740 as a guide. I feel more confident it should work now.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
A recent commit changed the
update-changelogworkflow so that instead of checking out the release PR branch directly, it checks out the base branch and then overlays files from the release PR that are necessary to runauto-changelog validate.Currently, only changelogs are copied from the release PR. However, to determine which dependency bump changelog entries are missing, the
auto-changelog validatecommand needs not only changelogs but also package manifests.This commit fixes the
update-changelogworkflow accordingly.References
Checklist
Note
Low Risk
Low risk workflow-only change that adjusts which files are checked out/committed and how a commit SHA is captured; main risk is unintended CI behavior or pushes to PR branches.
Overview
Fixes the
update-changelogsGitHub Actions workflow to overlay and temporarily commit both**/CHANGELOG.mdand**/package.jsonfrom the PR branch before runningyarn changelog:validate --checkDeps, ensuring dependency-bump validation uses the PR’s manifests.Also updates the workflow to output the full commit SHA (
%H) for the generated changelog-fix commit, and renames the related steps to reflect the broader file overlay/commit.Reviewed by Cursor Bugbot for commit bd50247. Bugbot is set up for automated code reviews on this repo. Configure here.